Legal

Privacy Policy

Last updated: March 1, 2026

Rita Africa ("Rita", "we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and safeguard your personal information when you use the Rita mobile application, website, and related services (collectively, the "Services"). By using our Services, you consent to the practices described in this policy. This policy is governed by the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA) 2023.

1. Information We Collect

  • Personal Identification Information: Full legal name, email address, phone number, date of birth, residential address, and nationality as provided during registration.
  • Identity Verification Documents: Bank Verification Number (BVN), National Identification Number (NIN), international passport, driver's license, voter's card, and selfie photographs for KYC verification at each tier.
  • Financial Information: Bank account details, wallet balances, transaction history, virtual card details, crypto wallet addresses, and payment method information.
  • Device & Technical Information: Device model, operating system version, IP address, unique device identifiers, browser type, mobile network information, and time zone for security and fraud prevention.
  • Usage & Behavioral Data: App interaction patterns, feature usage frequency, session duration, navigation paths, and in-app search queries to improve our services.
  • Communication Data: Records of your interactions with our support team, including chat logs, email correspondence, and call recordings (where legally permitted and disclosed).

2. How We Use Your Information

  • Process and execute your financial transactions including wallet transfers, bill payments, crypto trades, virtual card transactions, and cross-border money transfers.
  • Verify your identity across our tiered KYC system (Tier 1: BVN, Tier 2: BVN + NIN + Selfie, Tier 3: BVN + NIN + Selfie + Proof of Address) to comply with CBN regulations.
  • Detect, investigate, and prevent fraud, unauthorized access, money laundering, terrorism financing, and other suspicious or illegal activity.
  • Calculate and apply appropriate transaction limits, fees, and exchange rates based on your verification tier and transaction profile.
  • Send you transaction confirmations, security alerts, OTP codes, account notifications, and critical service updates.
  • Improve, personalize, and optimize our products, services, and user experience through aggregated analytics and A/B testing.
  • Comply with applicable laws, regulations, court orders, and regulatory directives from the Central Bank of Nigeria (CBN), Securities and Exchange Commission (SEC), and other relevant authorities.

3. Data Sharing & Third Parties

  • We never sell, rent, or trade your personal data to third parties for marketing purposes.
  • Payment processing partners and banking institutions required to execute your transactions (e.g., transfers, card issuance, crypto settlement).
  • Licensed identity verification providers who process BVN, NIN, and document authentication for KYC compliance.
  • Cloud infrastructure providers (AWS) who host our services under strict data processing agreements with appropriate security controls.
  • Regulatory and law enforcement authorities when required by Nigerian law, CBN directives, court orders, or when necessary to protect the rights, property, or safety of Rita and its users.
  • Professional advisors including auditors, legal counsel, and consultants bound by professional confidentiality obligations.

4. Data Security

  • All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3 protocols.
  • Authentication tokens and sensitive credentials are stored using platform-native secure storage (iOS Keychain, Android Keystore).
  • Two-factor authentication (2FA), biometric authentication, transaction PINs, and device management provide layered account protection.
  • Our infrastructure undergoes regular security audits, vulnerability assessments, and penetration testing conducted by independent third-party security firms.
  • We maintain a formal incident response plan and will notify affected users within 72 hours of discovering any data breach, as required by the NDPR.
  • Access to personal data is restricted to authorized personnel on a need-to-know basis, with all access logged and monitored.

5. Data Retention

  • Active account data is retained for the duration of your account relationship with Rita.
  • Transaction records are retained for a minimum of 6 years after the transaction date, in compliance with CBN record-keeping requirements.
  • KYC verification documents and identity records are retained for 5 years after account closure, as required by the Money Laundering (Prevention and Prohibition) Act.
  • Upon account deletion request, personal data that is not subject to regulatory retention is anonymized or deleted within 90 days.
  • Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and service improvement purposes.

6. Your Rights

  • Right of Access: Request a complete copy of the personal data we hold about you, provided free of charge within 30 days.
  • Right to Rectification: Request correction of any inaccurate or incomplete personal information in your account.
  • Right to Deletion: Request deletion of your account and personal data, subject to regulatory retention requirements outlined in Section 5.
  • Right to Data Portability: Export your transaction history and account data in standard machine-readable formats (CSV, JSON).
  • Right to Withdraw Consent: Withdraw previously given consent for non-essential data processing at any time, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data rights have been violated.

7. Cookies & Tracking

  • Our website uses essential cookies required for basic functionality such as session management and security.
  • We use analytics cookies (with your consent) to understand how visitors interact with our website and to improve the user experience.
  • We do not use third-party advertising cookies or cross-site tracking technologies.
  • You can manage cookie preferences through your browser settings at any time.

8. Children's Privacy

  • Rita's services are not directed at individuals under 18 years of age.
  • We do not knowingly collect personal information from minors. If we discover that a minor has created an account, we will promptly delete the account and associated data.

9. Changes to This Policy

  • We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance.
  • Material changes will be communicated via in-app notification and email at least 14 days before taking effect.
  • Continued use of our Services after the effective date of changes constitutes acceptance of the updated policy.

Questions? Contact us at support@rita.africa